From 8bd5e15ff7a57791956c4017ee8fb4a8ac0d8d2e Mon Sep 17 00:00:00 2001 From: Xinchen Hui Date: Thu, 18 Oct 2012 17:31:27 +0800 Subject: [PATCH] Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite) --- NEWS | 6 +++++- ext/pcre/php_pcre.c | 3 ++- ext/pcre/tests/bug63055.phpt | 23 +++++++++++++++++++++++ 3 files changed, 30 insertions(+), 2 deletions(-) create mode 100644 ext/pcre/tests/bug63055.phpt diff --git a/NEWS b/NEWS index 86f8629642..009f082bd0 100644 --- a/NEWS +++ b/NEWS @@ -2,9 +2,13 @@ PHP NEWS ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||| ?? ??? 2012, PHP 5.3.19 -- mysql: +- MySQL: . Fixed compilation failure on mixed 32/64 bit systems. (Andrey) +- PCRE: + . Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite). + (Dmitry, Laruence) + - PDO: . Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec). (Martin Osvald, Remi) diff --git a/ext/pcre/php_pcre.c b/ext/pcre/php_pcre.c index b1b9e66e9a..1af8151251 100644 --- a/ext/pcre/php_pcre.c +++ b/ext/pcre/php_pcre.c @@ -547,8 +547,9 @@ PHPAPI void php_pcre_match_impl(pcre_cache_entry *pce, char *subject, int subjec /* Overwrite the passed-in value for subpatterns with an empty array. */ if (subpats != NULL) { - zval_dtor(subpats); + zval garbage = *subpats; array_init(subpats); + zval_dtor(&garbage); } subpats_order = global ? PREG_PATTERN_ORDER : 0; diff --git a/ext/pcre/tests/bug63055.phpt b/ext/pcre/tests/bug63055.phpt new file mode 100644 index 0000000000..16c50b54e5 --- /dev/null +++ b/ext/pcre/tests/bug63055.phpt @@ -0,0 +1,23 @@ +--TEST-- +Bug #63055 (Segfault in zend_gc with SF2 testsuite) +--FILE-- + "bar"); /* this bucket will trigger the segfault */ +$dummy = array("dummy"); /* used to trigger gc_collect_cycles */ +$dummy[1] = &$dummy; + +$matches[1] = &$matches; +$matches[2] = $dummy; + +preg_match_all("/(\d)+/", "foo123456bar", $matches); +echo "okey"; +?> +--EXPECTF-- +okey -- 2.40.0